class CancellationReportsController < ApplicationController
  before_filter :authenticate!
  before_filter :protect_from_student, :except => [:show]
  before_filter :protect_from_instructor, :only => [:index]
  before_filter :correct_user
  # GET /cancellation_reports
  # GET /cancellation_reports.json
  def index
    if @current_user.instructor?
      @cancellation_reports = CancellationReport.joins(:timeslot).where('timeslots.instructor_id' => @current_user.usable)
    else
      @cancellation_reports = CancellationReport.all
    end

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @cancellation_reports }
    end
  end

  # GET /cancellation_reports/1
  # GET /cancellation_reports/1.json
  def show
    @cancellation_report = Timeslot.find(params[:timeslot_id]).cancellation_report

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @cancellation_report }
    end
  end

  # GET /cancellation_reports/new
  # GET /cancellation_reports/new.json
  def new
    @cancellation_report = CancellationReport.new
    @timeslot = Timeslot.find(params[:timeslot_id])

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @cancellation_report }
    end
  end

  # GET /cancellation_reports/1/edit
  def edit
    @timeslot = Timeslot.find(params[:timeslot_id])
    @cancellation_report = @timeslot.cancellation_report
  end

  # POST /cancellation_reports
  # POST /cancellation_reports.json
  def create
		@timeslot = Timeslot.find(params[:timeslot_id])
    @cancellation_report = CancellationReport.new(params[:cancellation_report])
    @cancellation_report.timeslot = @timeslot

    respond_to do |format|
      if @cancellation_report.save
				@timeslot.cancel_registration!
        CancellationMailer.cancellation_email(@cancellation_report).deliver
        format.html { redirect_to timeslot_cancellation_report_path(@timeslot), notice: 'Cancellation report was successfully created.' }
        format.json { render json: @cancellation_report, status: :created, location: @cancellation_report }
      else
        format.html { render action: "new" }
        format.json { render json: @cancellation_report.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /cancellation_reports/1
  # PUT /cancellation_reports/1.json
  def update
    @timeslot = Timeslot.find(params[:timeslot_id])
    @cancellation_report = @timeslot.cancellation_report

    respond_to do |format|
      if @cancellation_report.update_attributes(params[:cancellation_report])
        format.html { redirect_to timeslot_cancellation_report_url(@timeslot), notice: 'Cancellation report was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @cancellation_report.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /cancellation_reports/1
  # DELETE /cancellation_reports/1.json
  def destroy
    @timeslot = Timeslot.find(params[:timeslot_id])
    @cancellation_report = @timeslot.cancellation_report
    @cancellation_report.destroy

    respond_to do |format|
      format.html { redirect_to cancellation_reports_instructor_url(@current_user.usable) }
      format.json { head :no_content }
    end
  end

  def correct_user
    @cancellation_report = Timeslot.find(params[:timeslot_id]).cancellation_report
    @timeslot = Timeslot.find(params[:timeslot_id])
    if @current_user.student?
      unless @current_user.usable.id == @cancellation_report.student.id
        redirect_to actions_url, :alert => "Not authorized to view this cancellation report"
      end
    else
      unless @current_user.usable.id == @timeslot.instructor.id
        redirect_to actions_url, :alert => "Not authorized to view this cancellation report"
      end
    end
  end
end
